1. 16 Sep, 2011 5 commits
    • Nicholas Bellinger's avatar
      iscsi-target: Disable markers + remove dangerous local scope array usage · 2ff017f5
      Nicholas Bellinger authored
      This patch makes iscsi-target explictly disable OFMarker=Yes and IFMarker=yes
      parameter key usage during iscsi login by setting IFMarkInt_Reject and
      OFMarkInt_Reject values in iscsi_enforce_integrity_rules() to effectively
      disable iscsi marker usage.  With this patch, an initiator proposer asking
      to enable either marker parameter keys will be issued a 'No' response, and
      the target sets OFMarkInt + IFMarkInt parameter key response to 'Irrelevant'.
      
      With markers disabled during iscsi login, this patch removes the problematic
      on-stack local-scope array for marker intervals in iscsit_do_rx_data() +
      iscsit_do_tx_data(), and other related marker code in iscsi_target_util.c.
      This fixes a potentional stack smashing scenario with small range markers
      enabled and a large MRDSL as reported by DanC here:
      
      [bug report] target: stack can be smashed
      http://www.spinics.net/lists/target-devel/msg00453.htmlReported-by: default avatarDan Carpenter <error27@gmail.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      2ff017f5
    • Nicholas Bellinger's avatar
      target: Skip non hex characters for VPD=0x83 NAA IEEE Registered Extended · 784eb99e
      Nicholas Bellinger authored
      This patch adds target_parse_naa_6h_vendor_specific() to address a bug where the
      conversion of PRODUCT SERIAL NUMBER to use hex2bin() in target_emulate_evpd_83()
      was not doing proper isxdigit() checking.  This conversion of the vpd_unit_serial
      configifs attribute is done while generating a VPD=0x83 NAA IEEE Registered
      Extended DESIGNATOR format's 100 bits of unique VENDOR SPECIFIC IDENTIFIER +
      VENDOR SPECIFIC IDENTIFIER EXTENSION area.
      
      This patch allows vpd_unit_serial (VPD=0x80) and the T10 Vendor ID DESIGNATOR
      format (VPD=0x83) to continue to use free-form variable length ASCII values,
      and now skips any non hex characters for fixed length NAA IEEE Registered Extended
      DESIGNATOR format (VPD=0x83) requring the binary conversion.
      
      This was originally reported by Martin after the v3.1-rc1 change to use hex2bin()
      in commit 11650b85 where the use of non hex
      characters in vpd_unit_serial generated different values than the original
      v3.0 internal hex -> binary code.  This v3.1 change caused a problem with
      filesystems who write a NAA DESIGNATOR onto it's ondisk metadata, and this patch
      will (again) change existing values to ensure that non hex characters are not
      included in the fixed length NAA DESIGNATOR.
      
      Note this patch still expects vpd_unit_serial to be set via existing userspace
      methods of uuid generation, and does not do strict formatting via configfs input.
      
      The original bug report and thread can be found here:
      
      NAA breakage
      http://www.spinics.net/lists/target-devel/msg00477.html
      
      The v3.1-rc1 formatting of VPD=0x83 w/o this patch:
      
      VPD INQUIRY: Device Identification page
        Designation descriptor number 1, descriptor length: 20
          designator_type: NAA,  code_set: Binary
          associated with the addressed logical unit
            NAA 6, IEEE Company_id: 0x1405
            Vendor Specific Identifier: 0xffde35ebf
            Vendor Specific Identifier Extension: 0x3092f498ffa820f9
            [0x6001405ffde35ebf3092f498ffa820f9]
        Designation descriptor number 2, descriptor length: 56
          designator_type: T10 vendor identification,  code_set: ASCII
          associated with the addressed logical unit
            vendor id: LIO-ORG
            vendor specific: IBLOCK:ffde35ec-3092-4980-a820-917636ca54f1
      
      The v3.1-final formatting of VPD=0x83 w/ this patch:
      
      VPD INQUIRY: Device Identification page
        Designation descriptor number 1, descriptor length: 20
          designator_type: NAA,  code_set: Binary
          associated with the addressed logical unit
            NAA 6, IEEE Company_id: 0x1405
            Vendor Specific Identifier: 0xffde35ec3
            Vendor Specific Identifier Extension: 0x924980a82091763
            [0x6001405ffde35ec30924980a82091763]
        Designation descriptor number 2, descriptor length: 56
          designator_type: T10 vendor identification,  code_set: ASCII
          associated with the addressed logical unit
            vendor id: LIO-ORG
            vendor specific: IBLOCK:ffde35ec-3092-4980-a820-917636ca54f1
      
      (v2: Fix parsing code to dereference + check for string terminator instead
           of null pointer to ensure a zeroed payload for vpd_unit_serial less
           than 100 bits of NAA DESIGNATOR VENDOR SPECIFIC area.  Also, remove
           the unnecessary bitwise assignment)
      Reported-by: default avatarMartin Svec <martin.svec@zoner.cz>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      784eb99e
    • Christoph Hellwig's avatar
      tcm_fc: Work queue based approach instead of managing own thread and event based mechanism · 58fc73d1
      Christoph Hellwig authored
      Problem: Changed from wake_up_interruptible -> wake_up_process and
      wait_event_interruptible-> schedule_timeout_interruptible broke the FCoE
      target.  Earlier approach of wake_up_interruptible was also looking at
      'queue_cnt' which is not necessary, because it increment of 'queue_cnt'
      with wake_up_inetrriptible / waker_up_process introduces race condition.
      
      Fix: Instead of fixing the code which used wake_up_process and remove
      'queue_cnt', using work_queue based approach is cleaner and acheives
      same result. As well, work queue based approach has less programming
      overhead and OS manages threads which processes work queues.
      
      This patch is developed by Christoph Hellwig and reviwed+validated by
      Kiran Patil.
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarKiran Patil <kiran.patil@intel.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      58fc73d1
    • Kiran Patil's avatar
      tcm_fc: Invalidation of DDP context for FCoE target in error conditions · 079587b4
      Kiran Patil authored
      Problem: HW DDP context wasn;t invalidated in case of ABORTS, etc...
      This leads to the problem where memory pages which are used for DDP
      as user descriptor could get reused for some other purpose (such as to
      satisfy new memory allocation request either by kernel or user mode threads)
      and since HW DDP context was not invalidated, HW continue to write to
      those pages, hence causing memory corruption.
      
      Fix: Either on incoming ABORTS or due to exchange time out, allowed the
      target to cleanup HW DDP context if it was setup for respective ft_cmd.
      Added new function to perform this cleanup, furthur it can be enhanced
      for other cleanup activity.
      
      Additinal Notes: To avoid calling ddp_done from multiple places, composed
      the functionality in helper function "ft_invl_hw_context" and it is being
      called from multiple places. Cleaned up code in function "ft_recv_write_data"
      w.r.t DDP.
      Signed-off-by: default avatarKiran Patil <kiran.patil@intel.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      079587b4
    • Roland Dreier's avatar
      target: Fix race between multiple invocations of target_qf_do_work() · bcac364a
      Roland Dreier authored
      When work is scheduled with schedule_work(), the work can end up
      running on multiple CPUs at the same time -- this happens if
      the work is already running on one CPU and schedule_work() is called
      on another CPU.  This leads to list corruption with target_qf_do_work(),
      which is roughly doing:
      
      	spin_lock(...);
      	list_for_each_entry_safe(...) {
      		list_del(...);
      		spin_unlock(...);
      
      		// do stuff
      
      		spin_lock(...);
      	}
      
      With multiple CPUs running this code, one CPU can end up deleting the
      list entry that the other CPU is about to work on.
      
      Fix this by splicing the list entries onto a local list and then
      operating on that in the work function.  This way, each invocation of
      target_qf_do_work() operates on its own local list and so multiple
      invocations don't corrupt each other's list.  This also avoids dropping
      and reacquiring the lock for each list entry.
      Signed-off-by: default avatarRoland Dreier <roland@purestorage.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      bcac364a
  2. 15 Sep, 2011 31 commits
  3. 14 Sep, 2011 4 commits
    • Linus Torvalds's avatar
      Merge git://bedivere.hansenpartnership.com/git/scsi-rc-fixes-2.6 · bcd438be
      Linus Torvalds authored
      * git://bedivere.hansenpartnership.com/git/scsi-rc-fixes-2.6: (25 commits)
        [SCSI] bnx2i: Fixed the endian on TTT for NOP out transmission
        [SCSI] libfc: fix referencing to fc_fcp_pkt from the frame pointer via fr_fsp()
        [SCSI] libfc: block SCSI eh thread for blocked rports
        [SCSI] libfc: fix fc_eh_host_reset
        [SCSI] fcoe: Fix deadlock between fip's recv_work and rtnl
        [SCSI] qla2xxx: Update version number to 8.03.07.07-k.
        [SCSI] qla2xxx: Set the task attributes after memsetting fcp cmnd.
        [SCSI] qla2xxx: Correct inadvertent loop state transitions during port-update handling.
        [SCSI] qla2xxx: Save and restore irq in the response queue interrupt handler.
        [SCSI] qla2xxx: Double check for command completion if abort mailbox command fails.
        [SCSI] qla2xxx: Acquire hardware lock while manipulating dsd list.
        [SCSI] qla2xxx: Fix qla24xx revision check while enabling interrupts.
        [SCSI] qla2xxx: T10 DIF - Fix incorrect error reporting.
        [SCSI] qla2xxx: T10 DIF - Handle uninitalized sectors.
        [SCSI] hpsa: fix physical device lun and target numbering problem
        [SCSI] hpsa: fix problem that OBDR devices are not detected
        [SCSI] isci: add version number
        [SCSI] isci: fix event-get pointer increment
        [SCSI] isci: dynamic interrupt coalescing
        [SCSI] isci: Leave requests alone if already terminating.
        ...
      bcd438be
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://oss.sgi.com/xfs/xfs · 53d872e9
      Linus Torvalds authored
      * 'for-linus' of git://oss.sgi.com/xfs/xfs:
        xfs: fix a use after free in xfs_end_io_direct_write
      53d872e9
    • Al Viro's avatar
      restore pinning the victim dentry in vfs_rmdir()/vfs_rename_dir() · 1d2ef590
      Al Viro authored
      We used to get the victim pinned by dentry_unhash() prior to commit
      64252c75 ("vfs: remove dget() from dentry_unhash()") and ->rmdir()
      and ->rename() instances relied on that; most of them don't care, but
      ones that used d_delete() themselves do.  As the result, we are getting
      rmdir() oopses on NFS now.
      
      Just grab the reference before locking the victim and drop it explicitly
      after unlocking, same as vfs_rename_other() does.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Tested-by: default avatarSimon Kirby <sim@hostway.ca>
      Cc: stable@kernel.org (3.0.x)
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1d2ef590
    • Christoph Hellwig's avatar
      xfs: fix a use after free in xfs_end_io_direct_write · 2d2422ae
      Christoph Hellwig authored
      There is a window in which the ioend that we call inode_dio_wake on
      in xfs_end_io_direct_write is already free.  Fix this by storing
      the inode pointer in a local variable.
      
      This is a fix for the regression introduced in 3.1-rc by
      "fs: move inode_dio_done to the end_io handler".
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarAlex Elder <aelder@sgi.com>
      2d2422ae